You've been redirected from MobilePaymentsToday.com to PaymentsDive.com. In March 2021, Mobile Payments Today became a part of Payments Dive. For the latest payments news, sign up for the daily newsletter.

Mobey Forum puts its finger on the biggest risk in mobile banking

Published

Nov. 14, 2016

What's the biggest risk in mobile banking? Surprise, surprise: human fallibility.

That's according to a new report from the risk mitigation workgroup of Mobey Forum, a global industry association.

In addition to device and software vulnerabilities, banks must remain vigilant for criminal targeting of end users through social engineering and phishing, as well as fraudulent impersonation of customers during the enrollment and installation of new apps and services, states "The Risk Review: Mobey Forum's Guide to Risk Management in Mobile Financial Services."

"Today's banks and financial institutions need to develop applications for multiple operating systems and many flavors of mobile device, so it can be easy for them to be distracted by the vulnerabilities of the technologies themselves," Ron van Wezel, senior analyst at Aite Group and co-chair of the risk mitigation workgroup, said in a press release. "If they are to implement proper risk mitigation measures, however, it is vitally important that they also acquire specialist knowledge of the user-oriented threats which are now commonplace in mobile fraud."

The report offers a framework for banks to consult when conducting their own risk analyses, the release said. The risk review identifies 12 threat categories and risk level, based upon likelihood and potential impact.

The report also details mitigation measures banks can implement and map by stakeholder group in order to quickly identify required action points within the organization.

"Maintaining the delicate balance between user convenience and security is a fine line for banks to walk," Sirpa Nordlund, executive director of Mobey Forum, said in the release. "To succeed, banks must take a holistic view of risk; one that considers the weaknesses in both the technologies and their customers' behavior."

The risk review is the first in a two-part project. A second report, currently in process, will offer further guidance to financial institutions on mitigation measures and best practices to reduce identified risks.